ITL Newsletter for November - December 2017

ITL Newsletter for November - December 2017

ISSUE 149

NOVEMBER - DECEMBER 2017

VIEW AS WEBPAGE

information technology laboratory

CULTIVATING TRUST IN IT AND METROLOGY

IN THIS ISSUE

Routing

NEW NETWORK SECURITY STANDARDS HELP PROTECT THE INTERNET'S ROUTING

Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the National Institute of Standards and Technology (NIST) will reduce the risk of messages being intercepted or stolen. These standards address a security weakness that has been a part of the internet since its earliest days.

The set of standards, known as Secure Inter-Domain Routing (SIDR), have been published by the Internet Engineering Task Force (IETF) and represent the first comprehensive effort to defend the internet's routing system from attack. The effort has been led by a collaboration between NIST and the Department of Homeland Security (DHS) Science and Technology Directorate, working closely with the internet industry. The new specifications provide the first standardized approach for global defense against sophisticated attacks on the internet’s routing system.

READ MORE

NEWS UPDATES

NIST EXPERTS URGE CAUTION IN USE OF COURTROOM EVIDENCE PRESENTATION METHOD

COURTROOM

Two experts at the National Institute of Standards and Technology (NIST) are calling into question a method of presenting evidence in courtrooms, arguing that it risks allowing personal preference to creep into expert testimony and potentially distorts evidence for a jury.

READ MORE

NIST RISK MANAGEMENT FRAMEWORK

RMF

The NIST Risk Management Framework provides a process that integrates security and risk management activities into the system development life cycle. The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.

READ MORE

DIGITAL VIDEO EXCHANGE STANDARDS

Video evidence from Closed Circuit Television (CCTV) Digital Video Recording (DVR) systems is a powerful resource for forensic investigations. Industry lacks a common standard for exporting video from CCTV systems for subsequent analysis. Often, this necessitates data conversion, which results in degraded image quality, loss of metadata, and costly delays. NIST is working with Law Enforcement, Industry, and the Standards Community to establish a standardized digital video data exchange format.

READ MORE

STAFF RECOGNITION

Bradley Alpert

Congratulations to Bradley Alpert, of ITL's Applied and Computational Mathematics Division in Boulder, Colo., who was a member of a Physical Measurement Laboratory/ITL team recognized with a DOC Gold Medal Award. The group was recognized for developing first-in-the-world research tools that can make stop-action X-ray measurements of light interacting with molecules on near-instantaneous time scales. Using an innovative table-top system, the scientists obtained results with 10 times better time resolution than is available at large X-ray synchrotron facilities, which cost hundreds of millions of dollars, and collected X-rays with 10 to 100 times better efficiency. The group’s work enables fast turn-around measurements of materials for photonics, energy harvesting, and industrial catalysis.

SELECTED NEW PUBLICATIONS

2016 NIST/ITL Cybersecurity Program: Annual Report (NIST Special Publication 800-195)

Title III of the E-Government Act of 2002, entitled the Federal Information Security Management Act (FISMA) of 2002, requires NIST to prepare an annual public report on activities undertaken in the previous year, and planned for the coming year, to carry out responsibilities under this law. The primary goal of the NIST s Information Technology Laboratory (ITL) Cybersecurity Program, is to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services. During Fiscal Year 2016 (FY 2016), the ITL Cybersecurity Program successfully responded to numerous challenges and opportunities in fulfilling that mission. Through ITL's diverse research agenda and engagement in many national priority initiatives, high-quality, cost-effective security and privacy mechanisms were developed and applied that improved information security across the federal government and the greater information security community. This annual report highlights the research agenda and activities in which the ITL Cybersecurity Program was engaged during FY 2016.

Application Container Security Guide (NIST Special Publication 800-190)

Application container technologies, also known as containers, are a form of operating system virtualization combined with application software packaging. Containers provide a portable, reusable, and automatable way to package and run applications. This publication explains the potential security concerns associated with the use of containers and provides recommendations for addressing these concerns.

Cybersecurity Framework Manufacturing Profile (NISTIR 8183)

This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The Manufacturing Profile of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices. This Manufacturing Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to manufacturing systems. The Manufacturing Profile is meant to enhance but not replace current cybersecurity standards and industry guidelines that the manufacturer is embracing.

Enhancing Resilience of the Internet and Communications Ecosystem: A NIST Workshop Proceedings (NISTIR 8192)

This proceedings documents the July 11-12, 2017 "Enhancing Resilience of the Internet and Communications Ecosystem" workshop led by National Institute of Standards and Technology Standards. Executive Order 13800, "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" required the Secretaries of Commerce and Homeland Security to "jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets)."

Exploratory Lens Model of Decision-Making in a Potential Phishing Attack Scenario (NISTIR 8194)

Phishing, the transmission of a message spoofing a legitimate sender about a legitimate subject with intent to perform malicious activity, causes a tremendous and rapidly-increasing amount of damage to American information systems and users annually. This project implements an exploratory computational model of user decision making in a potential phishing attack scenario. The model demonstrates how contextual factors, such as message subject matter match to current work concerns, and personality factors, such as conscientiousness, contribute to users decisions to comply with or ignore message requests.

Wireless Activities in the 2 GHz Radio Bands in Industrial Plants (NIST Technical Note 1972)

Wireless connections are becoming popular in industrial environments that increasingly carry sensing and actuation data over the air. In industrial plants, activities of legacy wireless systems have shaped the channel usage in the radio spectrum bands for new wireless applications. The 2 GHz spectrum band consists of a good number of radio resources that are dedicated to fixed and mobile wireless communications. In this report, passive measurement data collected in two industrial plants is analyzed to identify existing wireless activities in this frequency band. Besides, a statistical channel usage model is developed for the 2.4 GHz Industrial, Scientific and Medical (ISM) band. The secondary spectrum utility is evaluated given legacy wireless activity in the ISM band, which is of particular interest to unlicensed industrial wireless networking standards, such as WirelessHART and ISA100.11a.

CONFERENCE CALENDAR

NOVEMBER - DECEMBER

November

NSCI Seminar: Algorithmic Adaptations to Extreme Scale Computing

READ MORE

November

7 - 8

NICE 2017 8th Annual Conference

READ MORE

December

4 - 5

NICE K-12 Cybersecurity Education Conference

READ MORE


for more events click on calendar